Rootkit scanning

Starting with version 2.0, The Avenger can scan your computer for rootkits hidden from the Windows operating system. Check the "Scan for rootkits" box to enable this feature. It is enabled by default.

You may also authorize The Avenger to automatically disable any rootkits it finds. It is strongly recommended that you examine the results of a rootkit scan before you authorize The Avenger to disable anything.

Execution process

Click the "Execute" button to begin execution of the current script. The Avenger will prompt you to reboot.

The Avenger makes backups of all actions it takes, and saves those backups in the folder C:\Avenger (if C:\ is your system drive).

The backups are zipped and password-protected with the password "infected", to prevent accidental reinfection when viewing backups of live malware.

The most recent backup is called "backup.zip", and the rest are named by date and time of creation.

Registry backups are contained within the zip archives and named "backup.reg". They are in standard .REG file format, and can be restored simply by double-clicking on them.

The Avenger's log file is also contained within the zip archive, named "avenger.txt". You may view the log from the most recent execution of The Avenger by selecting Open Log File from the File menu. This most recent log is stored at C:\avenger.txt (if C:\ is your system drive), and is not deleted until the next time The Avenger executes commands.
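An added example, not part of The Avenger or the original tutorial: a Python script that inventories the backup archives described above by reading only each zip's directory, so nothing is extracted and no password is needed. It assumes the archives are ordinary zip files in the folder passed in; the function and field names are illustrative.

```python
import zipfile
from pathlib import Path

# File names this tutorial says each backup archive contains.
EXPECTED = ("backup.reg", "avenger.txt")


def inventory_backups(folder):
    """Return one record per .zip in `folder` without extracting any entry.

    Only the zip central directory is read, so quarantined malware stays
    inside the archive. (Assumption: archives are standard zip files.)
    """
    records = []
    for path in sorted(Path(folder).glob("*.zip")):
        try:
            with zipfile.ZipFile(path) as zf:
                infos = zf.infolist()
        except zipfile.BadZipFile:
            records.append({"archive": path.name, "error": "not a valid zip"})
            continue
        # Compare on the base name so entries stored under a subfolder match.
        names = {i.filename.rsplit("/", 1)[-1].lower() for i in infos}
        records.append({
            "archive": path.name,
            # The tutorial names the most recent backup "backup.zip".
            "latest": path.name.lower() == "backup.zip",
            # (name, uncompressed size, encrypted?) - bit 0 of the
            # general-purpose flags marks a password-protected entry.
            "entries": [(i.filename, i.file_size, bool(i.flag_bits & 0x1))
                        for i in infos],
            "missing": [n for n in EXPECTED if n not in names],
            # Entries stored without protection could be opened by accident.
            "unencrypted": [i.filename for i in infos
                            if not i.is_dir() and not i.flag_bits & 0x1],
        })
    return records


if __name__ == "__main__":
    # Default location from the tutorial when C:\ is the system drive.
    for rec in inventory_backups(r"C:\Avenger"):
        print(rec)
```

An archive that reports entries under "unencrypted" or names under "missing" deserves a closer look before anything in it is opened or restored.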

Script Syntax

The core of The Avenger is its script-processing functionality, and thus I must discuss script syntax. This will be the subject of the next tutorial.